Have you ever wondered how it is that typing www.google.com into a web-browser brings you to (most) people’s favorite search engine? That function is accomplished by DNS, or Domain Name Services, and is what allows a Universal Resource Locator (URL) to translate something human-readable, like google.com, into something a computer can understand—in this instance, an IP address. An IP address isn’t something that most people interact with on a regular basis. One of the reasons for this is that they’re difficult to remember.
If, for example, you needed to visit 184.108.40.206 every time you needed to search for something, but you needed to go to 220.127.116.11 to see what your brother-in-law’s kids have been up to, things eventually become very complicated. (As an aside, if you are so inclined, type either of those IP addresses into the address bar of your web-browser to see which websites I’m referring to.) To get around this problem, we use DNS to translate the URL that you type to the IP address where a website actually resides. A URL is comprised of a few pieces: top-level domains, sub-domains, and prefixes. Two that are very important to recognize are the top-level and sub-domains.
To use a common example, www.example.com, is comprised of these three pieces. .Com is the top-level domain which is the highest part of the naming system used on the internet. Example is the sub-domain, which is separated from the top-level by a period. Www. might be the part most individuals are the most familiar with—it is what is known as a prefix and was originally used to specify that the address being input is on the internet, or world wide web. The URL is essentially giving a computer a series of instructions to tell it where to look to locate something. The first part, www. tells the computer that it needs to look on the internet, rather than locally. The .com then tells it to search in that portion of top-level domains, and then the sub-domain tells it the exact site that you wished to visit.
Boring and complicated so far? The good news is that without diving into levels of complexity that are unnecessary for most people’s purposes (and this article’s), that’s really all there is to a URL.
Perhaps the most important thing to understand from this information is the function of a top-level domain, and how it can be sometimes used maliciously. Most people are familiar with .com, but there are a number of others: .org, .edu, .gov, .biz, .info, etc. The .org domain was in the news recently, as the non-profit organization that hands out .org domain names was recently acquired by a private equity company. .Org domains were created with the idea that they be given to non-profit organizations, and as such the pricing for them had been capped at a low level for some time. The acquisition of the parent organization, called the Public Interest Registry (PIR) followed hot on the heels of an announcement by ICANN (the organization that oversees all domain names on the internet) was removing pricing caps for .org domains. Needless to say, both of these moves caused a bit of a stir.
If there is one important takeaway from this article, it should be this—pay attention to every part of a URL that you are visiting.
As we have covered in previous articles, phishing attacks are becoming more and more sophisticated, and one area of increased risk is the impersonation of valid domain names. What this generally looks like is a slight, and easily overlooked, misspelling of the domain name, or a different top-level domain than the valid address. As an example, say that www.chase.com is the address of your banking website. A scammer might send you an email indicating that your account had been compromised, and that you need to login and change your password. This email will then direct you to a fake domain, something like www.chaase.com, or www.chase.info. Once there, the website will look functionally identical to the real one, and can be used to capture your login credentials. URLs, and the domain names that they contain, are an important addressing system for our interconnected world, but the system is not fool-proof. It’s important to exercise good judgment with a healthy dose of skepticism while online to stay safe from malicious sites — a close examination of the URL is the best place to start.